Configure Workspace ONE Boxer using App Policies and custom KVPs provided in the Assignment page.

You can use the following steps to assign Boxer 5.17 or later using the Workspace ONE UEM console version 2004 or higher. If you are using a console version of less than 2004 to assign older versions of Boxer, see Application Configurations for Workspace ONE Boxer.


Upload Boxer as a public or an internal application to the Workspace ONE UEM console.


  1. Navigate to Apps & Books > Applications > Native > List View > Public.
  2. Select Assign under the Install Status column for Boxer. Alternatively, you can also select the edit icon and then select Save & Assign.
  3. Select Add Assignment in the Assignment window.
    1. In the Distribution tab, enter the following information:
      Setting Description
      Name Enter the name of the assignment.
      Description Enter the description for the assignment.

      Assignment Groups

      Enter smart groups to receive the Workspace ONE Boxer flexible deployment assignment.

      As you enter the smart group name, options are displayed and you can select the appropriate smart group from the list.

      If necessary, you can add more assignment groups.

      App Delivery Method
      • On Demand – Deploys Boxer to the deployment agent. The device user can decide if and when to install the application.
      • Automatic – Deploys Boxer to a deployment Hub on a device when enrollment. After the device enrolls, the system prompts users to install Boxer on their devices.
    2. In the Restrictions tab, enter the following information:
      Settings Description

      EMM Managed Access

      Enable adaptive management to set Workspace ONE UEM to manage the device so that the device can access the application. Only the devices that are enrolled in EMM can install the app and receive app policies when you enable this setting.

      Remove on Unenroll When enabled, it removes the application from a device when the device unenrolls using Workspace ONE UEM. Workspace ONE UEM enables this setting by default.

      If you enable this setting, supervised devices are restricted from a silent app installation. This is because the device is locked and the provisioning profile installation is in the command queue which requires a device to be unlocked to complete the installation.

      If you disable this setting, provisioning profiles are not pushed with the installed application. That is, if the provisioning profile is updated, the new provisioning profile is not automatically deployed to devices. In such cases, a new version of the application with the new provisioning profile is required.

      Prevent Application Backup Enable this setting to prevent backing up the application data to iCloud.
      Make App MDM Managed if User Installed

      Assume management of applications previously installed by users on their devices, whether applications are supervised or unsupervised.

      Enable this feature so that users do not have to delete the application version installed on the device. Workspace ONE UEM manages the application without having to install the AirWatch Catalog version on the device.

      This setting is not effective if the privacy settings of the console are set to prevent the collection of personal application data.
    3. In the Tunnel & Other Attributes tab, enter the following information:
      Settings Description
      Per App VPN Profile

      Select the Per-App VPN Profile to configure a VPN at the application level.

      Other Attributes App attributes provide device-specific details for Boxer to use.
      Upload XML You can upload an XML file that contains the key value pairs supported by the application for the app configuration.
    4. In the Application Configuration tab, enter the following information:
      Settings Description

      Send Configuration

      When enabled, it configures Boxer using the settings provided by the app developer.
      UPLOAD XML You can upload an XML file that contains the key value pairs supported by Boxer.
      ADD You can also manually add the configuration keys, value types, and the look up values.
    5. In the Email Settings, enter the following information:
      Settings Description
      Account Name Enter the Exchange account name.
      Exchange ActiveSync Host Enter the EAS server URL. For SEG deployments, enter the SEG URL.
      Email Management If you want to associate a Mobile Email Management with the Boxer configuration,you must enter at least one MEM configuration.
      Domain, User, and Email Address Enter the domain name, user name, and email address. By default, the login information includes {EmailDomain}, {EmailUserName} and {EmailAddress} that are defined as lookup values in your directory service. To override these values, use custom lookup values.
      Password Enter the password.
      Note: Password field only supports lookup values, not the actual password value.
      Email Signature Enter the email signature.
      Modern Authentication Modern Authentication is an OAuth based token authentication method for Office 365. When enabled, you are redirected to the login page for authentication.
      Authentication Type

      Select one of the following authentication types for end users to authenticate with Exchange Server using the credentials used to log in Workspace ONE.

      • Basic – Authenticates using a user name and a password.
      • Certificate – Authenticates using a certificate.
        • Select the desired Certificate Authority and Certificate Template.
      • Both – Authenticates using a certificate to authenticate with a network appliance and a password to authenticate with Exchange.
      • Certificate-Based Authentication with Modern Authentication (CBA with Modern Authentication) - Workspace ONE Boxer supports certificate-based authentication with Modern Authentication. Boxer support SCEP. To view the supported certificates, see section Supported Certificate Authorities.
      • iOS does not support Certificate-based authentication using Modern Authentication. Only Android supports this authentication mode.
      • Consider a scenario where you have set the certificate as an authentication type without enabling the SSO passcode, and the user delete and reinstall the Boxer application. At the time of reinstallation, user gets authenticate automatically as you have configured CBA as an authentication type. Such a scenario can create an attack vector for intruders who have a physical access to the device. Without an added authentication challenge, an intruder can gain access to email resources by deleting and reinstalling the Boxer application.

        To avoid such intruders, Boxer must authenticate users using the Workspace ONE credentials before allowing them to access emails. An alternative solution to requiring Workspace ONE credentials is to enable SSO workflows that restrict intruders to rest a standalone passcode.

      • Specifies number of authentication retries - specify the number of authentication retries upon failure.
      Sync Configure Boxer to determine how to sync email and calendar.
      Notifications Configure Email Notification Service (ENS) and its behaviour to provide real-time notification.
      Spam & Phishing Reporting Configure the actions to be taken on email identified as spam or phishing attack.
      Mobile Flows Configure mobile flows server information that Boxer can integrate with.
      S/MIME Configure S/MIME status.
      Email Classification Enable or disable classification markings.
    6. In the App Policies, enter the following information:
      Settings Description
      Data Loss Prevention  
      Copy Paste

      If restricted:

      • End users cannot copy and paste content from Workspace ONE Boxer to other applications.
      • If personal accounts are enabled, end users can copy and paste between personal and work accounts. Therefore, consider disabling personal accounts to restrict the copy and paste functionality completely.
      • Share and define options are made unavailable in the application when selecting text.
      Local Calendars Set to true to enable local calendars in Workspace ONE Boxer.
      Personal Contacts If the option is restricted, end users can access contacts only from the email accounts in the app. If unrestricted, end users can access contacts from other apps on the device.
      [iOS] Allows printing Enables or disables printing of emails and attachments.
      [iOS] Allow Custom Keyboards Enables or disables the use of third-party keyboard.
      [iOS] Restrict unsecured HTTP connections Restricts loading content from unsecured (HTTP) connection.
      Sharing These settings determine whether users can open emails or their attachments in other application. Based on your requirements, you can specify the allowed application using the Allowlist option or allow sharing in any application.
      Control Open In Enable or disables attaching of files from other apps using the open-in or share into Workspace ONE Boxer.
      Control Attachments from external providers Enables or disables attachments from external providers (Example- iCloud, Dropbox, Google Drive) using Workspace ONE Boxer.
      Personal Accounts

      If restricted, end users can no longer add any additional accounts to the application.  

      If end users already have Workspace ONE Boxer on their device with personal accounts configured, then they are prompted whether they want to remove their existing personal accounts now or later. End users do not receive work email through Workspace ONE Boxer until they remove all personal accounts.

      PolicyDisableKeyEscrow not globalized

      Disable the escrowing key on to the server. Disabling this disables the forgot password feature.

      Internal Domains List

      Define the domains that are internal or permitted.
      External Recipient Warning Enables the warning when the user enters recipients from external domains. If the domains are configured and the External Recipient Warning is enabled , the 'Confirm before sending' setting is unavailable to the users. When the warning is displayed, the user can either accept and return to the Compose email menu or ignore and continue sending the email to external recipients.
      [iOS] Enable Swift SDK Key Wrapping Only Mode Defines the Swift SDK key wrapping mode.
      Hyperlinks When restricted, all hyperlinks are open only in Workspace ONE Web.
      Restrict to Default Browser Allows Boxer to open all links in the default browser.
      Browser Exceptions If hyperlinks are restricted in the Console, you can add a list of exceptions for domain or sites to open always in the default browser.
      Skip in app tutorial Enable this option to skip the in app tutorial appears on the first launch of the application.
      Caller ID

      Enable to provide Caller ID functionality for all Workspace ONE Boxer contacts.

      By enabling this feature, Workspace ONE Boxer exports names and phone numbers only to the native contacts app.

      Default Caller ID Enable the exporting of contacts, names, and phone numbers by default. This option requires the Caller ID option to be set as unrestricted.
      Enable Avatars Enable or disable Avatars.
      Archive Action Allows or block the ability to archive emails.
      Conversation Grouping Enables the conversation view to group emails by conversation.
      Enterprise Content Configure Enterprise Content in Boxer.
      Enable the use of CallKit An iOS setting that requires user interaction to enable CallKit caller ID.
      Left Short Swipe default, Left Long Swipe default, Right Short Swipe Default, and Right Long Swipe Default Define the default swipe actions. Users can customize swipe actions using the options provided in the Workspace ONE Boxer app
      Allows Logging Allows users to send logs.
      Support Email Address Enter address to be specified when sending logs through the support menu.
      Allow Crash Reporting By default, Boxer is allowed to report crashes anonymously.
      Enable Single Sign-On (SSO) Enables or disables SSO for Workspace ONE Boxer.
      Allow Attachments Allows the users to add or forward attachments.
      Allow Attached Download Enables or disables downloading of attachments.
      Allow Photo Attachments Enables or disables attaching of images and media files from the photo gallery and camera.
      Plain Text Mode Enables or disables the plain text mode of Boxer. If enabled, Boxer retrieves only plain text from HTML mails when syncing. Workspace ONE Boxer sends only plain text regardless of the email message format. The formatting controls in the compose view is disabled and only text can be copied and pasted from rich or HTML content.
      Refetch Empty Links using Mime For emails (fetched using HTML) that contain non-standard URL schemes, pointing to non-server domains, Exchange replaces the URL with two empty spaces. Enable or disable this option for Boxer to detect this occurrence and redownload the affected body using MIME, which is not subject to the URL replacement error.
      Anonymous Metrics Enable this option to allow collection of anonymous usage data to improve user's Workspace ONE Boxer experience. When enabled, a Data Sharing notice is displayed to user when Workspace ONE Boxer is launched. The device user can enable or disable data sharing by navigating to Settings > Privacy > Data Sharing.
      QuickJoin custom URLs This enables the QuickJoin button found in calendar invites.
      Application update source Select the source to download Boxer.
  4. Select Create.